PHP Notice: Use of undefined constant HTTP_X_FORWARDED_FOR - assumed ‘HTTP_X_FORWARDED_FOR’
in /home/siteo/public_html/site.com/submit/message.php on line 158
TECH SUPPORT said: Spammers can set the HTTP_X_FORWARDED_FOR header themselves to anything they want. So you need to change this coding so that spammers can’t exploit it.
Please let us know if you need further assistance.
////////////////////////////
// begin global functions //
////////////////////////////
// get visitor IP
function getIP()
{
if(getenv(HTTP_X_FORWARDED_FOR))
$user_ip=getenv("HTTP_X_FORWARDED_FOR");
else
$user_ip=getenv("REMOTE_ADDR");
return $user_ip;
}
Please help get this sorted out as I have about 4,000 emails spammed to me and who knows how many going out
I believe the proper way to get this information is to use $_SERVER[‘HTTP_X_FORWARDED_FOR’] and to make sure it IS SET and not empty. This at the very least would get rid of the undefined constant error.
First, why are you scanning this unless you know you are behind a reverse proxy? And if you know that you probably know the proxy’s address, and then you can whitelist requests coming from there.
That is if you can trust user given IP addresses and other http headers at all . . .